Hacked page hauls estimated at US$10,000 a day

By on
Hacked page hauls estimated at US$10,000 a day

A recent wave of search engine optimised web attacks is netting a huge cash haul for hackers and malware vendors, according to researchers.

Security firm Finjan claimed that a single hacker can make as much as US$10,800 a day by embedding compromised web pages with links to attack sites and lists of popular search terms.

Finjan chief technology officer Yuval Ben-Itzhak said that the company recently observed a single attack operation involving a set of compromised pages that redirected to a site pushing a rogue anti-virus program.

The attackers had compromised a series of pages which were then embedded with lists of popular search terms collected from services such as Google Trends or current news items.

The same pages were then injected with obfuscated code that redirected to the attack page, which used fake alert boxes to convince the user to download and purchase the bogus security software for US$50.

Over a period of 16 days, Finjan recorded some 1.8 million hits from the infected pages.

Between seven and 12 per cent of the victims actually downloaded and installed the software, and roughly 1.79 per cent paid the US$50 fee.

Finjan estimated that the sales generated a haul of around US$191,000 from a single attack operation.

Using common referral rates of roughly 1.6 cents each, Finjan also estimated that the cut of the profits being paid to the hackers was US$172,000 over the course of 16 days.

Perhaps most troubling is the ease with which these operations can be performed.

Ben-Itzhak said that the operation his company observed was likely to have been run by one or two people, and required relatively little knowledge or skill.

"Everything is being done automatically. They're using automatic tools to compromise the web site and it isn't hard to find keywords," he explained.

"You don't need to have a PhD to set this up, and that is why it is so successful."

The current economic crisis has led many security experts to worry that cyber crime will surge in the coming months and years, as users turn to the web for job opportunities and bargain shopping.

Other reasons for the growth in cyber crime are increasingly sophisticated attack techniques, and the availability of easy-to-use tools which enable criminals to make quick money.

"These numbers clearly indicate why cyber crime continues to grow," said Ben-Itzhak.

"You can see the numbers, you can see how successful it is, and there is no reason to think it will die."

Copyright ©v3.co.uk

Most Read Articles

Log In

|  Forgot your password?